Edward McAndrew

Edward McAndrew

Ballard Spahr LLP

Contact

Readers' Choice Awards

Cybersecurity
View Bio
RSS

Latest Posts › Popular

Share:

Some Thoughts on the Year in Privacy and Data Security Law

As we turn the page on 2018, let’s reflect on some of the key privacy and cybersecurity issues that will continue to occupy our hearts and minds in 2019....more

1/4/2019  /  California Consumer Privacy Act (CCPA) , Carpenter v US , Cybersecurity , Data Breach , Data Security , Internet of Things , Marriott , Personally Identifiable Information , Popular , Regulatory Oversight , Securities and Exchange Commission (SEC) , State Data Breach Notification Statutes , Verizon , Yahoo!

PA Supreme Court: Businesses Have Duty to Safeguard Sensitive Employee Information

The Pennsylvania Supreme Court has drastically changed the data breach litigation landscape by holding that an employer has a common law duty to use reasonable care to safeguard its employees' personal information stored on...more

11/28/2018  /  Corporate Counsel , Cybersecurity , Data Breach , Data Collection , Data Security , Economic Loss Doctrine , Employer Liability Issues , Employment Litigation , Identity Theft , Negligence , PA Supreme Court , Personal Data , Personally Identifiable Information , Popular , Reasonable Care

SEC Special Report: Rampant Business Email Compromises Require Reassessment of Internal Accounting Controls

The U.S. Securities and Exchange Commission (SEC) has joined the government chorus in sounding the alarm about the rapid rise in "business email compromises" that are victimizing organizations across industry sectors....more

10/23/2018  /  Business E-Mail Compromise (BEC) , Cyber Attacks , Electronic Communications , Email , Fraud , Internal Controls , Popular , Publicly-Traded Companies , Risk Management , Securities and Exchange Commission (SEC) , Vulnerability Assessments

OCC Semiannual Risk Perspective Highlights Cybersecurity, Fraud, Money Laundering Concerns

Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance...more

6/6/2018  /  Beneficial Owner , BSA/AML , Customer Due Diligence (CDD) , Cyber Threats , Cybersecurity , Financial Fraud , Fraud Prevention , Money Laundering , OCC , Popular , Risk Management , Third-Party Risk

South Carolina Enacts First Insurance Data Security Act

South Carolina has become the first state to enact a version of the Insurance Data Security Model Law, which was drafted by the National Association of Insurance Commissioners (NAIC) in 2017. Governor Henry McMaster signed...more

5/21/2018  /  Cybersecurity , Cybersecurity Framework , Data Protection , Incident Response Plans , Information Technology , Insurance Industry , NAIC , Popular , Risk Assessment , Risk Management , State and Local Government , Third-Party Service Provider

The Hacked & the Hacker-for-Hire: Lessons from the Yahoo Data Breaches (So Far)

The fallout from the Yahoo data breaches continues to illustrate how cyberattacks thrust companies into the competing roles of crime victim, regulatory enforcement target and civil litigant. ...more

5/14/2018  /  Class Action , Criminal Conspiracy , Criminal Prosecution , Cyber Crimes , Cybersecurity , Data Breach , Enforcement Actions , Failure To Disclose , Hackers , Personally Identifiable Information , Popular , Publicly-Traded Companies , Russia , Securities and Exchange Commission (SEC) , Securities Violations , Yahoo!

Seventh Circuit Reinstates Barnes & Noble Data Breach Class Action

The U.S. Court of Appeals for the Seventh Circuit has reinstated a data breach class action filed against Barnes & Noble (B&N).  The litigation, styled as Dieffenbach v. Barnes & Noble, Inc., now heads back to the U.S....more

4/16/2018  /  Article III , Barnes and Noble , Corporate Counsel , Data Breach , Debit and Credit Card Transactions , Economic Injuries , Federal Rule 12(b)(1) , Federal Rule 12(b)(6) , Hackers , Injury-in-Fact , Personally Identifiable Information , Point of Sale Terminals , Popular , Putative Class Actions , Reinstatement , Standing , State Data Breach Notification Statutes , UDAAP

Alabama Becomes 50th State to Enact Data Breach Notification Law

Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018. ...more

4/3/2018  /  Cyber Attacks , Cybersecurity , Data Breach , Data Protection , Hackers , New Legislation , Personally Identifiable Information , Popular , Risk Management , State and Local Government , State Data Breach Notification Statutes

South Dakota Enacts Data Breach Notification Law

South Dakota has become the 49th State to enact a data breach notification law. South Dakota Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The law will take effect on July 1, 2018....more

3/23/2018  /  Cyber Attacks , Cybersecurity , Data Breach , Data Protection , Hackers , New Legislation , Personally Identifiable Information , Popular , Risk Management , State and Local Government , State Data Breach Notification Statutes

“Panama Papers” Law Firm Announces Its Closure Due to Fallout from Massive Data Breach

The beleaguered law firm at the center of the international Panama Papers scandal – Mossack Fonseca – has announced that it is closing its doors. It offered no apologies....more

3/16/2018  /  Banking Sector , Beneficial Owner , Corruption , Criminal Investigations , Data Breach , Money Laundering , Mossack Fonseca , Offshore Funds , Panama Papers , Popular , Shell Corporations , Tax Haven , White Collar Crimes

SEC Releases Guidance on Public Company Cybersecurity Disclosures

On February 21, 2018, the U.S. Securities and Exchange Commission approved the release of Interpretive Guidance relating to public company disclosures of cybersecurity risks and incidents. ...more

2/23/2018  /  Cyber Threats , Cybersecurity , Data Breach , Disclosure Requirements , Form 8-K , Insider Trading , Interpretive Rule , Non-Public Information , Popular , Publicly-Traded Companies , Securities and Exchange Commission (SEC)

Supreme Court Denies Cert Petition in CareFirst v. Attias

Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more

2/22/2018  /  Article III , CareFirst , Class Action , Cyber Attacks , Cybersecurity , Data Breach , Hackers , Health Insurance , Identity Theft , Injury-in-Fact , Personally Identifiable Information , Petition for Writ of Certiorari , Popular , Standing

U.S. Supreme Court Rejects Second Bid for Review in Spokeo

The U.S. Supreme Court on Monday denied the petition for certiorari seeking review of the U.S. Court of Appeals for the Ninth Circuit's most recent decision in Spokeo v. Robins (Spokeo II), foregoing an opportunity to clarify...more

1/25/2018  /  Article III , Background Checks , CareFirst , Class Action , Data Breach , Fair Credit Reporting Act (FCRA) , Injury-in-Fact , Petition for Writ of Certiorari , Popular , SCOTUS , Spokeo v Robins , Standing

Washington A.G. Sues Uber in First Enforcement Action Under Revised Data Breach Law

The State of Washington's Attorney General filed a complaint against Uber Technologies, Inc., (Uber) this week related to the 2016 hack that exposed the personal data of 57 million riders and drivers. The suit is the first...more

11/30/2017  /  Cyber Attacks , Cyber Crimes , Data Breach , Hackers , Pending Litigation , Personally Identifiable Information , Popular , Ridesharing , Sharing Economy , Uber

Eighth Circuit Issues Two Class Action Data Breach Rulings

In the span of just nine days, the U.S. Court of Appeals for the Eighth Circuit issued two rulings in class actions involving data breaches—one breach in 2013 at brokerage firm Scottrade and another in 2014 at grocery stores...more

9/5/2017  /  Article III , Breach of Contract , Brokerage Accounts , Class Action , Corporate Counsel , Cyber Attacks , Data Breach , Federal Rule 12(b)(6) , Grocery Stores , Hackers , Injury-in-Fact , Personally Identifiable Information , Popular , Scottrade , Standing

Maryland Amends Data Breach Notification Law

The Maryland General Assembly recently amended the Maryland Personal Information Protection Act to expand the definition of personal information, provide a 45-day timeframe for providing notice of a breach, allow for...more

8/4/2017  /  Biometric Information , Cybersecurity , Data Breach , Data Protection , Health Insurance Portability and Accountability Act (HIPAA) , New Legislation , Notification Requirements , Personally Identifiable Information , Popular

D.C. Circuit Reverses Data Breach Class Action Dismissal on Standing Grounds

The U.S. Court of Appeals for the D.C. Circuit has reinstated a data breach class action filed against CareFirst BlueCross BlueShield (CareFirst). The lawsuit stems from a June 2014 data breach in which hackers infiltrated 22...more

8/3/2017  /  Article III , Blue Cross , Blue Shield , CareFirst , Class Action , Corporate Counsel , Cyber Attacks , Cybersecurity , Data Breach , Hackers , Health Insurance , Identity Theft , Injury-in-Fact , Personally Identifiable Information , Popular , Standing

Colorado District Court Dismisses Data Breach Class Action Against Noodles & Company

The U.S. District Court for the District of Colorado recently dismissed a proposed class action lawsuit filed by financial institutions relating to a 2016 data breach that involved hundreds of Noodles & Company (Noodles)...more

7/27/2017  /  Banking Sector , Choice-of-Law , Class Action , Corporate Counsel , Cyber Attacks , Data Breach , Economic Loss Doctrine , Financial Institutions , PCI-DSS Standard , Personally Identifiable Information , Popular , Restaurant Industry

NYDFS Updates FAQs to Clarify Cybersecurity Regulations

The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more

7/17/2017  /  Banking Sector , Chief Information Security Officer (CISO) , Covered Entities , Cybersecurity , Cybersecurity Framework , Data Protection , Financial Institutions , Financial Services Industry , Insurance Industry , NYDFS , Personally Identifiable Information , Popular , Risk Management , Third-Party Risk

Ponemon Institute Study on Costs of Data Breaches Highlights Improvement and New Risks for U.S. and Global Companies

The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more

6/29/2017  /  Corporate Counsel , Cyber Attacks , Cyber Crimes , Cybersecurity , Data Breach , Data Breach Costs , Data Protection , Data Security , Hackers , Personally Identifiable Information , Popular , Young Lawyers

Colorado Division of Securities Publishes Final Cybersecurity Rules

The Colorado Division of Securities (Division) has published final cybersecurity rules applicable to broker-dealers and investment advisers. The Colorado Attorney General's office has 20 days to write an opinion on the rules,...more

5/23/2017  /  Broker-Dealer , Cybersecurity , Data Protection , Electronic Communications , Final Rules , Financial Markets , Financial Services Industry , Personally Identifiable Information , Popular , Risk Management

White House Issues New Cybersecurity Executive Order

President Trump recently signed the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Order sets forth the Trump Administration's policy for cybersecurity of...more

5/18/2017  /  Critical Infrastructure Sectors , Cyber Attacks , Cyber Crimes , Cyber Threats , Cybersecurity , Data Protection , Executive Orders , Hackers , Popular , Risk Management , Trump Administration

Is Your Organization Ready for a Systemwide Ransomware Attack?

Ransomware attacks just went big time. In a period of mere hours late last week, a global ransomware attack infected more than 200,000 computers and affected more than 100,000 organizations in over 150 countries. To put this...more

5/17/2017  /  Cyber Attacks , Cyber Crimes , Cyber Threats , Cybersecurity , Data Breach , Data Protection , Hackers , Malware , Personally Identifiable Information , Phishing Scams , Popular , Ransomware

Colorado Proposes Cybersecurity Rules for Investment Advisers, Broker-Dealers

The Colorado Division of Securities recently issued proposed rules directed at establishing cybersecurity requirements for broker-dealers and investment advisers. The proposed rules were issued only a month after New York...more

4/27/2017  /  Broker-Dealer , Cybersecurity , Data Protection , Electronic Communications , Financial Services Industry , Investment Adviser , Investment Products , Popular , Risk Assessment , Securities and Exchange Commission (SEC)

FTC Settles with Targeted Digital Advertising Company over Supercookie Advertising Practices

The Federal Trade Commission (FTC) has entered into a proposed consent order requiring digital advertising company Turn Inc. to include a clear and conspicuous notice detailing how it collects, uses, or shares information...more

12/27/2016  /  Advertising , Cookies , Federal Trade Commission (FTC) , FTC Act , Misrepresentation , Mobile Apps , Online Platforms , Opt-Outs , Popular , Settlement , Unfair or Deceptive Trade Practices , Web Tracking , Websites
38 Results
 / 
View per page
Page: of 2
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide